Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
On Wed, 2 Mar 2016 18:48:24 + Martin Smith wrote: > On 02/03/2016 05:02, O. Hartmann wrote: > > Hello list. > > > > I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 > > as NetBIOS service (tcp/139) has been deprecated due to serious > > vulnerability issues. > > > > Until the disabling of NetBIOS and tcp/139 we used successfully autofs and > > mount_smbfs. this is no longer working. I tried to force autofs/mount_smbfs > > to bind to port 445 on the server via ://@xxx.xxx.xxx.xxx:445/sharename, > > but this doesn't work. > > > > Trying to mount a share from a samba 4.3 server (FreeBSD CURRENT, > > net/samba43, both most recent sources), where I configured samba_server via > > smb ports = 445 to use port tcp 445 only and only SMB2 and SMB3 (server min > > protocol = SMB2) protocols via the following command: > > > > mount_smbfs -I xxx.xxx.xxx.xxx -U a_user -W \ > > WORKGROUP //a_u...@xxx.xxx.xxx.xxx:445/sharename /mnt > > > > results in the error > > > > mount_smbfs: unable to open connection: syserr = RPC struct is bad > > > > Setting "smb ports = 139,445" and "server min protocol = NT1" seems to > > work, the share can be bound, but this is SMB over tcp/139 and not CIFS. > > > > I desperately need CIFS and I need tcp/445 since tcp/139 is from now on > > firewalled. > > > > So: what do I miss here? > I think this is a windows server problem, though I am not in a position > to make any useful suggestions > except to say that I am continually coming up against similar problems > with windows machines as well > sorry I cant be any more help Since I manag to connect to a SAMBA 4.3 server via 445/tcp only, but only when "min protocol = NT1" is set (tried also SMB2). Connecting to Windows 2012 R2 doesn't work. I guess mount_smbfs "understands" only NT1 and below, the Win 2012R2 offers at least SMB2? > > > > > > Kind regards and thank you in advance, > > > > O. Hartmann > > > > P.S. Please CC me ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
On Wed, 2 Mar 2016 17:49:40 +0300 "Andrey V. Elsukov" wrote: > On 02.03.16 17:29, O. Hartmann wrote: > > My interpretation of the above errors are: FreeBSD is incapable to handle > > CIFS over tcp/445. The above URL/site claims to have solved the problem, > > but it seems not true for CURRENT. > > Did you try some FUSE CIFS implementations? > FUSE and its sibblings doesn't get attention, since it is something additional from ports. We have for the project security considerations and my intention is to perform that task with most FreeBSD-only software. But thanks anyway - I didn't have that project in mind so far, only SAMBA 4.3, misused as a client ... ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
Am Wed, 2 Mar 2016 16:01:57 +0100 Rainer Hurling schrieb: > Hi Oliver, > > Am 02.03.16 um 15:29 schrieb O. Hartmann: > > On Tue, 1 Mar 2016 23:39:22 +0200 > > "Reko Turja" wrote: > > > >> -Original Message- > >> From: O. Hartmann > >> Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8) > >>> > >>> I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 > >>> as NetBIOS service (tcp/139) has been deprecated due to serious > >>> vulnerability issues. . > >>> . > >>> . > >>> I desperately need CIFS and I need tcp/445 since tcp/139 is from now on > >>> firewalled. > >> > >> There's actually alternative available that's far more UNIX-friendly and > >> not > >> depending on the SAMBA foibles. > >> > >> https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396 > >> > >> Of course, you need to have admin access to the server or get the admins > >> enable NFS on it. > >> > >> -Reko > >> > >> (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted > >> with on Win7.) ___ > >> freebsd-current@freebsd.org mailing list > >> https://lists.freebsd.org/mailman/listinfo/freebsd-current > >> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > >> > > > > Using others than CIFS is impossible, I'm dependend on existing services. > > Within the next forseable time port tcp/139 gets firewalled. > > > > So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the > > latter two are prerequests for NETSMB/SMBFS, didn't find much in the very > > sparse and unfinished docs for that subject!) into the kernel. > > > > I found this following the exact subject I ran into: > > > > http://agreif.blogspot.de/2014/01/blog-post.html > > > > It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider > > the > > following situation. > > > > Windows/samba server has IP 10.0.0.1, it's WINS name is locus, its domain is > > ASUF the user is pimmel. The passowrd is in /etc/nsmb.conf, > > hashed: > > > > > > [default] > > charsets=utf-8:utf-8 > > > > [LOCUS:PIMMEL] > > address=10.0.0.1 > > password=$$ajdhasuih57 > > > > The, following the above instructions, the mount_smbfs(8) command would be > > > > mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt > > > > If -W is fed with ASUF (all uppercase), I get a strange error: > > > > mount_smbfs: invalid local charset specification (IT4) > > > > Connecting to the SAMBA 4.3 server, and with -Wasuf, I get > > > > mount_smbfs: unable to open connection: syserr = RPC struct is bad > > > > Connectingto the Windows 2012 R2 server results in > > > > mount_smbfs: unable to open connection: syserr = Connection reset by peer > > > > First, the manpage for mount_smbfs(8) is everything else than FreeBSD > > standard! > > There is an unexplained option "-n opt". What is that? > > > > Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze > > world > > - why is that fact not reflected by FreeBSD? I tried to find some > > explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but > > none found :-( > > > > My interpretation of the above errors are: FreeBSD is incapable to handle > > CIFS > > over tcp/445. The above URL/site claims to have solved the problem, but it > > seems not true for CURRENT. > > For me, the described scenario works well with base smbfs (on recent > HEAD amd64). My configuration differs in some way from yours. I use recent HEAD (most recent, just recompiled world a minute ago ...) > > GROUPNAME, SERVERNAME, and USERNAME should be written in capital letters > (?), domainname\\username in small letters (?): I have almost every permutation used by now. Using -WUPPERCASE on the commandline gives me strange errors like: mount_smbfs: invalid local charset specification (IT4), -wlowercase doen't. Using tcp/139 NetBIOS with both Samba 4.3 and Win 2012 R2 works with lowercase username, servername. > > > # --- > #cat /etc/nsmb.conf > ... > [default] > workgroup=GROUPNAME > > [SERVERNAME] > nbns=xxx.xxx.xxx.xxx (IPv4 address) > charsets=UTF-8:CP866 > addr=servername.xxx.de > > [SERVERNAME:USERNAME] > username=domainname\\username > password=HASHED_PASSWORD > > > # --- > My entries in /etc/fstab look like this: > ... > ### Mountpoints for mount_smbfs (of base system) > //username@servername/dir /SMB/DIRsmbfs rw,late 0 0 > > [and this also works with port 445:] > //username@servername:445/dir /SMB/DIRsmbfs rw,late > 0 0 > > > # --- > !!! If this was a real hashed password in your mail above, you should > change it ... it isn't ;-) > > HTH and greetings, > Rainer Thanks and kind regards, Oliver pgprV2vAFJaH7.pgp Description: OpenPGP digital signature
Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
On 02/03/2016 05:02, O. Hartmann wrote: Hello list. I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 as NetBIOS service (tcp/139) has been deprecated due to serious vulnerability issues. Until the disabling of NetBIOS and tcp/139 we used successfully autofs and mount_smbfs. this is no longer working. I tried to force autofs/mount_smbfs to bind to port 445 on the server via ://@xxx.xxx.xxx.xxx:445/sharename, but this doesn't work. Trying to mount a share from a samba 4.3 server (FreeBSD CURRENT, net/samba43, both most recent sources), where I configured samba_server via smb ports = 445 to use port tcp 445 only and only SMB2 and SMB3 (server min protocol = SMB2) protocols via the following command: mount_smbfs -I xxx.xxx.xxx.xxx -U a_user -W \ WORKGROUP //a_u...@xxx.xxx.xxx.xxx:445/sharename /mnt results in the error mount_smbfs: unable to open connection: syserr = RPC struct is bad Setting "smb ports = 139,445" and "server min protocol = NT1" seems to work, the share can be bound, but this is SMB over tcp/139 and not CIFS. I desperately need CIFS and I need tcp/445 since tcp/139 is from now on firewalled. So: what do I miss here? I think this is a windows server problem, though I am not in a position to make any useful suggestions except to say that I am continually coming up against similar problems with windows machines as well sorry I cant be any more help Kind regards and thank you in advance, O. Hartmann P.S. Please CC me ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
Hi Oliver, Am 02.03.16 um 15:29 schrieb O. Hartmann: On Tue, 1 Mar 2016 23:39:22 +0200 "Reko Turja" wrote: -Original Message- From: O. Hartmann Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8) I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 as NetBIOS service (tcp/139) has been deprecated due to serious vulnerability issues. . . . I desperately need CIFS and I need tcp/445 since tcp/139 is from now on firewalled. There's actually alternative available that's far more UNIX-friendly and not depending on the SAMBA foibles. https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396 Of course, you need to have admin access to the server or get the admins enable NFS on it. -Reko (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted with on Win7.) ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" Using others than CIFS is impossible, I'm dependend on existing services. Within the next forseable time port tcp/139 gets firewalled. So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the latter two are prerequests for NETSMB/SMBFS, didn't find much in the very sparse and unfinished docs for that subject!) into the kernel. I found this following the exact subject I ran into: http://agreif.blogspot.de/2014/01/blog-post.html It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider the following situation. Windows/samba server has IP 10.0.0.1, it's WINS name is locus, its domain is ASUF the user is pimmel. The passowrd is in /etc/nsmb.conf, hashed: [default] charsets=utf-8:utf-8 [LOCUS:PIMMEL] address=10.0.0.1 password=$$ajdhasuih57 The, following the above instructions, the mount_smbfs(8) command would be mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt If -W is fed with ASUF (all uppercase), I get a strange error: mount_smbfs: invalid local charset specification (IT4) Connecting to the SAMBA 4.3 server, and with -Wasuf, I get mount_smbfs: unable to open connection: syserr = RPC struct is bad Connectingto the Windows 2012 R2 server results in mount_smbfs: unable to open connection: syserr = Connection reset by peer First, the manpage for mount_smbfs(8) is everything else than FreeBSD standard! There is an unexplained option "-n opt". What is that? Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze world - why is that fact not reflected by FreeBSD? I tried to find some explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but none found :-( My interpretation of the above errors are: FreeBSD is incapable to handle CIFS over tcp/445. The above URL/site claims to have solved the problem, but it seems not true for CURRENT. For me, the described scenario works well with base smbfs (on recent HEAD amd64). My configuration differs in some way from yours. GROUPNAME, SERVERNAME, and USERNAME should be written in capital letters (?), domainname\\username in small letters (?): # --- #cat /etc/nsmb.conf ... [default] workgroup=GROUPNAME [SERVERNAME] nbns=xxx.xxx.xxx.xxx (IPv4 address) charsets=UTF-8:CP866 addr=servername.xxx.de [SERVERNAME:USERNAME] username=domainname\\username password=HASHED_PASSWORD # --- My entries in /etc/fstab look like this: ... ### Mountpoints for mount_smbfs (of base system) //username@servername/dir /SMB/DIRsmbfs rw,late 0 0 [and this also works with port 445:] //username@servername:445/dir /SMB/DIRsmbfs rw,late 0 0 # --- !!! If this was a real hashed password in your mail above, you should change it ... HTH and greetings, Rainer ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
On 02.03.16 17:29, O. Hartmann wrote: > My interpretation of the above errors are: FreeBSD is incapable to handle CIFS > over tcp/445. The above URL/site claims to have solved the problem, but it > seems not true for CURRENT. Did you try some FUSE CIFS implementations? -- WBR, Andrey V. Elsukov signature.asc Description: OpenPGP digital signature
Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
On Tue, 1 Mar 2016 23:39:22 +0200 "Reko Turja" wrote: > -Original Message- > From: O. Hartmann > Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8) > > > > I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 > > as NetBIOS service (tcp/139) has been deprecated due to serious > > vulnerability issues. . > > . > > . > > I desperately need CIFS and I need tcp/445 since tcp/139 is from now on > > firewalled. > > There's actually alternative available that's far more UNIX-friendly and not > depending on the SAMBA foibles. > > https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396 > > Of course, you need to have admin access to the server or get the admins > enable NFS on it. > > -Reko > > (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted > with on Win7.) ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" Using others than CIFS is impossible, I'm dependend on existing services. Within the next forseable time port tcp/139 gets firewalled. So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the latter two are prerequests for NETSMB/SMBFS, didn't find much in the very sparse and unfinished docs for that subject!) into the kernel. I found this following the exact subject I ran into: http://agreif.blogspot.de/2014/01/blog-post.html It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider the following situation. Windows/samba server has IP 10.0.0.1, it's WINS name is locus, its domain is ASUF the user is pimmel. The passowrd is in /etc/nsmb.conf, hashed: [default] charsets=utf-8:utf-8 [LOCUS:PIMMEL] address=10.0.0.1 password=$$ajdhasuih57 The, following the above instructions, the mount_smbfs(8) command would be mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt If -W is fed with ASUF (all uppercase), I get a strange error: mount_smbfs: invalid local charset specification (IT4) Connecting to the SAMBA 4.3 server, and with -Wasuf, I get mount_smbfs: unable to open connection: syserr = RPC struct is bad Connectingto the Windows 2012 R2 server results in mount_smbfs: unable to open connection: syserr = Connection reset by peer First, the manpage for mount_smbfs(8) is everything else than FreeBSD standard! There is an unexplained option "-n opt". What is that? Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze world - why is that fact not reflected by FreeBSD? I tried to find some explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but none found :-( My interpretation of the above errors are: FreeBSD is incapable to handle CIFS over tcp/445. The above URL/site claims to have solved the problem, but it seems not true for CURRENT. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
Hello list. I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 as NetBIOS service (tcp/139) has been deprecated due to serious vulnerability issues. Until the disabling of NetBIOS and tcp/139 we used successfully autofs and mount_smbfs. this is no longer working. I tried to force autofs/mount_smbfs to bind to port 445 on the server via ://@xxx.xxx.xxx.xxx:445/sharename, but this doesn't work. Trying to mount a share from a samba 4.3 server (FreeBSD CURRENT, net/samba43, both most recent sources), where I configured samba_server via smb ports = 445 to use port tcp 445 only and only SMB2 and SMB3 (server min protocol = SMB2) protocols via the following command: mount_smbfs -I xxx.xxx.xxx.xxx -U a_user -W \ WORKGROUP //a_u...@xxx.xxx.xxx.xxx:445/sharename /mnt results in the error mount_smbfs: unable to open connection: syserr = RPC struct is bad Setting "smb ports = 139,445" and "server min protocol = NT1" seems to work, the share can be bound, but this is SMB over tcp/139 and not CIFS. I desperately need CIFS and I need tcp/445 since tcp/139 is from now on firewalled. So: what do I miss here? Kind regards and thank you in advance, O. Hartmann P.S. Please CC me pgpUNlyc_pQna.pgp Description: OpenPGP digital signature